
11/29/2006
03:20 AM

CA Faces Backup Flaw

Tape security flaw in CA's BrightStor ARCserve could open users to DOS attacks

Officials at the U.S. Computer Emergency Readiness Team (US-CERT) have identified a security vulnerability in CA's widely OEM'd BrightStor ARCserve Backup product, which they warn could leave users' systems open to attack.

Officials say that the flaw affects the software's Tape Engine feature, which allows ARCserve Backup products to use tape drives for storage. According to US-CERT, the tape engine contains a vulnerability that is caused by incorrect handling of Remote Procedure Call (RPC) requests, which allow programs to request services across a network.

CERT's Web site warns that the vulnerability could be exploited by sending a malformed RPC request to port 6502/tcp on a vulnerable system. In the worst-case scenario, officials add, a hacker could use this flaw to execute code on users' systems, which often results in a denial-of-service (DOS) attack. (See Symantec Tracks Cybercrime Rise, Check Point Protects Against BGP DOS, and Cisco Unveils DDOS Protection Solution.)

DOS attacks continue to wreak havoc amongst users. (See Symantec Tracks Cybercrime Rise, and Massive DOS Attacks Against ISPs on the Rise.) Earlier this year, for example, Sun's on-demand grid computing service got smacked with a DOS attack on its first day of service. (See Sun Grid Weathers DOS Attack and Sun Unveils Grid Portal.)

The vendor says that it is looking into the problem. "CA is aware of a vulnerability report describing a remotely exploitable buffer overflow in the Tape Engine component of CA BrightStor ARCserve Backup," explained spokesman Michael Kornspan in an email. The company continues to investigate; there is no word on when a patch might be issued. "Once we conclude our investigation and verify the reported vulnerability, we will provide remediation."

CA has several OEM partners for its ARCserve Backup product. The software, for example, is bundled with Iomega's REV SBS Data Protection offering, and has also been integrated with NEC's ExpressCluster solution. (See Iomega Creates Bundle and Iomega Ships With CA.)

Earlier this year, CA snapped up application availability specialist XOsoft for a reported $100 million in an attempt to boost its data protection story. (See CA Buys XOsoft.) The acquisition was partly driven by CA's desire to integrate XOsoft with ARCserve Backup for protecting and recovering critical applications. (See Storage Shopping Spree.)

At least one analyst is urging CA to tackle the reported backup flaw as a matter of urgency. "It's something that CA should be addressing and issuing a patch for right away," says Mike Karp, senior analyst at Enterprise Management Associates, adding that the vulnerability represents yet another tape technology challenge.

"To me, it's a symptom of the fundamental problem of transferring data to tape," he told Byte & Switch. "The trail of custody on tapes is always bad," added Karp, highlighting the high-profile storage snafus at Time Warner and Iron Mountain. (See Tape Security Trips Up Users, A Tale of Lost Tapes, and Iron Mountain Keeps Truckin'.)

Until the flaw is fixed, CERT is urging users to focus attention on their firewalls in an attempt to tackle the ARCserve flaw. "Restricting access to port 6502/tcp at the network perimeter may mitigate the impact of this vulnerability," warns the agency in a note on its Web site. The scope of the vulnerability may also extend across different versions of ARCserve Backup, according to CERT.
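One way to verify that the perimeter restriction on port 6502/tcp is actually in effect is to audit firewall connection records for permitted traffic to that port from outside the backup network. This is an added example, not code from CERT, CA or the article; the key=value log layout, the allow-listed subnet and all addresses are constructed assumptions.

```python
import ipaddress
import re

TAPE_ENGINE_PORT = 6502  # port named in the CERT note quoted above

# Assumption: only this internal backup subnet should ever reach the Tape Engine.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample records; the key=value layout is an assumption,
# not the log format of any particular firewall product.
SAMPLE_LOG = """\
action=allow proto=tcp src=10.20.0.15 dst=10.20.0.40 dport=6502
action=allow proto=tcp src=203.0.113.77 dst=10.20.0.40 dport=6502
action=deny proto=tcp src=198.51.100.9 dst=10.20.0.40 dport=6502
action=allow proto=udp src=203.0.113.77 dst=10.20.0.40 dport=6502
action=allow proto=tcp src=203.0.113.77 dst=10.20.0.41 dport=443
action=allow proto=tcp src=not-an-ip dst=10.20.0.40 dport=6502
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def is_allowed_source(addr):
    """True if addr falls inside one of the allow-listed networks."""
    return any(addr in net for net in ALLOWED_SOURCES)


def find_exposures(log_text):
    """Return (exposures, malformed): (src, dst) pairs for permitted 6502/tcp
    connections from non-allow-listed sources, and line numbers that failed to parse."""
    exposures, malformed = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        rec = dict(FIELD.findall(line))
        try:
            dport = int(rec["dport"])
            src = ipaddress.ip_address(rec["src"])
            proto, action, dst = rec["proto"].lower(), rec["action"].lower(), rec["dst"]
        except (KeyError, ValueError):
            malformed.append(lineno)  # never silently skip a record we cannot judge
            continue
        if (proto == "tcp" and dport == TAPE_ENGINE_PORT
                and action == "allow" and not is_allowed_source(src)):
            exposures.append((str(src), dst))
    return exposures, malformed


if __name__ == "__main__":
    print(find_exposures(SAMPLE_LOG))
```

Any entry in the first list means the restriction is not being enforced for that source; malformed line numbers are reported separately so unparseable records are reviewed rather than ignored.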

The SANS Institute has warned that hackers are increasingly targeting weaknesses in backup and recovery applications. According to analysts, vulnerabilities could be exploited to attack systems running backup servers and clients, which opens up the possibility of an attacker gaining access to sensitive backed-up data. (See Backup Poses Risk, SANS Warns.)

— James Rogers, Senior Editor, Byte and Switch

  • CA Inc. (NYSE: CA)
  • CA XOsoft
  • Computer Emergency Response Team (CERT)
  • Enterprise Management Associates
  • Iomega Corp. (NYSE: IOM)
  • Iron Mountain Inc. (NYSE: IRM)
  • NEC Corp. (Nasdaq: NIPNY; Tokyo: 6701)
  • The SANS Institute
  • Time Warner Inc. (NYSE: TWX)
